Great topic! perhaps, the IDE would need to be tested to provide hashing outputs after every run and compare its results with the previous outputs. This will only check for changes in dom0 and check for gaps.
However, if an issue was discovered; how would we solve it?
Can we just swap a dom0 for another dom0?
Or is there a dom0 available in a repository that is stable and easily installed? i.e. Thus not using an update as that might not fix the issue per say, as that would most likely fix any vulnerabilities previously discovered.
If a clean, updated and hardended dom0 was available to download and install; some of us might feel more at ease in case exploit.
Perhaps, there is and I haven’t read enough to find it and install it.